The main benefits of static analysis are:
● early detection of bugs
● automatic standard compliance check
● code quality report generation
Depending on the requirements of the project, different set of rules can be used. For safety critical project, it is often mandatory to check for MISRA C/C++ compliance.
The static analysis tool can be run automatically by the build server, as part of the automated build process.
It is good practice to start using static analysis at the beginning of a project. As the code base grows in size, the number of messages reported by static analysis tools can quickly become unmanageable, if issues have not been addressed early.
However, it can be still be useful to perform a static analysis over an existing code base, as it will give an indication of the quality of the code.